/contrib/bsnmp/snmp_vacm/snmp_vacm.3

 1.\"-
 2.\" Copyright (C) 2010 The FreeBSD Foundation
 3.\" All rights reserved.
 4.\" 
 5.\" This documentation was written by Shteryana Sotirova Shopova under
 6.\" sponsorship from the FreeBSD Foundation.
 7.\"
 8.\" Redistribution and use in source and binary forms, with or without
 9.\" modification, are permitted provided that the following conditions
10.\" are met:
11.\" 1. Redistributions of source code must retain the above copyright
12.\"    notice, this list of conditions and the following disclaimer.
13.\" 2. Redistributions in binary form must reproduce the above copyright
14.\"    notice, this list of conditions and the following disclaimer in the
15.\"    documentation and/or other materials provided with the distribution.
16.\" 
17.\" THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20.\" ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
21.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27.\" SUCH DAMAGE.
28.\"
29.\" $FreeBSD$
30.\"
31.Dd October 7, 2010
32.Dt SNMP_VACM 3
33.Os
34.Sh NAME
35.Nm snmp_vacm
36.Nd "View-based Access Control module for"
37.Xr bsnmpd 1
38.Sh LIBRARY
39.Pq begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"
40.Sh DESCRIPTION
41The
42.Nm snmp_vacm
43module implements SNMPv3 View-based Access Control Model MIB as defined in
44RFC 3415. The module is used to manage the internal lists of SNMPv1, v2c and
45v3 user names and groups and their access rights to fetch or modify the values
46of the MIB objects maintained by
47.Nm bsnmpd
48and the modules loaded in the daemon.
49The module must be loaded for
50.Nm bsnmpd
51to implement proper view-based access control. If the module is not loaded,
52access is granted to all configured SNMPv1 & SNMPv2c communities and SNMPv3
53USM users.
54.Sh IMPLEMENTATION NOTES
55An entry in any table implemented by this MIB may be created by setting the
56relevant RowStatus column to createAndGo (4) - in fact, any other value for
57those columns in a SET operation will cause an error. When an entry is created,
58any of its columns that is not used as index, is set to the default value as
59specified in the SNMP-VIEW-BASED-ACM-MIB. All entries maintained by the module
60are persistent after reboot if created via
61.Nm bsnmpd 's
62config file, otherwise entries created via SNMP are lost after reboot.
63A short description of the objects in the MIB follows.
64.Bl -tag -width "XXXXXXXXX"
65.It Va vacmContextTable
66A read-only table that consists of a list of SNMP contexts available in
67.Nm bsnmpd .
68.It Va vacmSecurityToGroupTable
69The table contains a list of SNMPv1, v2c and v3 user names and the groups
70they belong to.
71.It Va vacmAccessTable
72The table contains a list of SNMP contexts to groups mappings and respectively
73the names of the SNMP views under those contexts, to which users in the group
74are granted read-only, read-write access or receive notifications for the
75objects under the subtree in the relevant view.
76.It Va vacmViewTreeFamilyTable
77The table contains a list of SNMP views, i.e. entries specifying the OID of a
78MIB subtree and whether access to the objects under this subtree is to be
79allowed or forbidden.
80.El
81.Sh FILES
82.Bl -tag -width "XXXXXXXXX"
83.It Pa /usr/share/snmp/defs/vacm_tree.def
84The description of the MIB tree implemented by
85.Nm .
86.El
87.Sh SEE ALSO
88.Xr bsnmpd 1 ,
89.Xr gensnmptree 1 ,
90.Xr snmpmod 3
91.Sh STANDARDS
92IETF RFC 3415
93.Sh AUTHORS
94.An Shteryana Shopova Aq syrinx@FreeBSD.org